/*
 * Licensed to Jasig under one or more contributor license
 * agreements. See the NOTICE file distributed with this work
 * for additional information regarding copyright ownership.
 * Jasig licenses this file to you under the Apache License,
 * Version 2.0 (the "License"); you may not use this file
 * except in compliance with the License.  You may obtain a
 * copy of the License at the following location:
 *
 *   http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied.  See the License for the
 * specific language governing permissions and limitations
 * under the License.
 */

package org.jasig.cas.extension.clearpass;

import java.util.Map;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.validation.constraints.NotNull;

import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.mvc.AbstractController;

/**
 * A controller that returns the password based on some external authentication/authorization rules.  The recommended
 * method is to use the Jasig CAS Client for Java and its proxy authentication features.
 *
 * @author Scott Battaglia
 * @since 1.0
 */
public final class ClearPassController extends AbstractController {

    private static final Logger LOGGER = LoggerFactory.getLogger(ClearPassController.class);

    // view if clearpass request fails
    private static final String DEFAULT_SERVICE_FAILURE_VIEW_NAME = "protocol/clearPass/clearPassFailure";

    // view if clearpass request succeeds
    private static final String DEFAULT_SERVICE_SUCCESS_VIEW_NAME = "protocol/clearPass/clearPassSuccess";

    // key under which clearpass will be placed into the model
    private static final String MODEL_CLEARPASS = "credentials";

    // key under which failure descriptions are placed into the model
    private static final String MODEL_FAILURE_DESCRIPTION = "description";

    @NotNull
    private String successView = DEFAULT_SERVICE_SUCCESS_VIEW_NAME;

    @NotNull
    private String failureView = DEFAULT_SERVICE_FAILURE_VIEW_NAME;

    @NotNull
    private final Map<String, String> credentialsCache;

    public ClearPassController(final Map<String, String> credentialsCache) {
        this.credentialsCache = credentialsCache;
    }

    @Override
    public ModelAndView handleRequestInternal(final HttpServletRequest request,
            final HttpServletResponse response) throws Exception {
        final String userName = request.getRemoteUser();

        LOGGER.debug("Handling clearPass request for user [{}]", userName);

        if (StringUtils.isBlank(userName)) {
            return returnError("No username was provided to clearPass.");
        }

        if (!this.credentialsCache.containsKey(userName)) {
            return returnError("Password could not be found in cache for user " + userName);
        }

        final String password = this.credentialsCache.get(userName);
        if (StringUtils.isBlank(password)) {
            return returnError("Password is null or blank");
        }

        LOGGER.debug("Retrieved credentials will be provided to the requesting service.");
        return new ModelAndView(this.successView, MODEL_CLEARPASS, password);
    }

    protected ModelAndView returnError(final String description) {
        final ModelAndView mv = new ModelAndView(this.failureView);
        mv.addObject(MODEL_FAILURE_DESCRIPTION, description);
        return mv;
    }

    public void setSuccessView(final String successView) {
        this.successView = successView;
    }

    public void setFailureView(final String failureView) {
        this.failureView = failureView;
    }
}
